For both filter types, you can add one or more filter strings (separated by spaces or CRLF) in the following syntax: [include | exclude] : [local | remote | both] : [tcp | udp | tcpudp | icmp | all] : [IP Range | Ports Range]
Here's some examples that demonstrate how to create a filter string:
Display only packets with remote tcp port 80 (Web sites): include:remote:tcp:80Display only packets with remote tcp port 80 (Web sites) and udp port 53 (DNS): include:remote:tcp:80 include:remote:udp:53Display only packets originated from the following IP address range: 192.168.0.1 192.168.0.100: include:remote:all:192.168.0.1-192.168.0.100Display only TCP and UDP packets that use the following port range: 53 - 139: include:both:tcpudp:53-139Filter most BitTorrent packets (port 6881): exclude:both:tcpupd:6881Filter all ICMP packets (Ping/Traceroute activity): exclude:both:icmp